Scan content for provided string in templates and personalized vars

[jimleroyer]

Description

As an ops lead, I want to scan content of notifications (templates, templates history and personalized vars), for sensitive strings that might cause a security risk, So that I can properly report back to security folks.

WHY are we building?

To be able to search our overall notifications content in a quasi automated way.

WHAT are we building?

A script that will analyze a local database with the sensitive content.

VALUE created by our solution

Quick response time on incidents that involve notifications sending risky content.

Acceptance Criteria

• [ ] A script that can scan the content locally for the personalized variables.
• [ ] A script that can scan the content locally for templates, their history.

QA Steps

• [x] Test the script locally with some known and random strings.
• [x] https://github.com/cds-snc/notification-attic/pull/40

[jimleroyer]

• I refactored the project to be oriented toward content utilities rather than specific to Redis resigning.
• Reconstructed the database with missing tables (still ongoing).
• Created a devcontainer with Redis, PostgreSQL, etc... tools necessary for these utilities.

[jimleroyer]

PR for the new script in the attic: https://github.com/cds-snc/notification-attic/pull/40

[jimleroyer]

Merged into the attic main branch. Will wait a bit before moving to Done to provide Steve's a chance to look at it.

[sastels]

tested locally, LGTM - only thing I needed to do differently was add the database name to the loading commands, ie

psql -h db -p 5432 -U postgres -f schema.sql notification_api
psql -h db -p 5432 -U postgres -f data.sql notification_api